[Free] New Updated (October) Microsoft 70-411 Real Exam 91-100

Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.

The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.

You implement a Distributed File System (DFS) namespace named contoso.compublic. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.

You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.

Set the Ordering method of contoso.compublic to Random order.

B.

Set the Advanced properties of the folder target in the Seattle office to Last among all targets.

C.

Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.

D.

Set the Ordering method of contoso.compublic to Exclude targets outside of the client’s site.

E.

Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.

F.

Set the Ordering method of contoso.compublic to Lowest cost.

Correct Answer: CD

Explanation:

Exclude targets outside of the client’s site

In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set to “First among all targets” or “Last among all targets” are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client’s site .

Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.

QUESTION 92

You have a server named Server 1.

You enable BitLocker Drive Encryption (BitLocker) on Server 1.

You need to change the password for the Trusted Platform Module (TPM) chip.

What should you run on Server1?

A.

Manage-bde.exe

B.

Set-TpmOwnerAuth

C.

bdehdcfg.exe

D.

tpmvscmgr.exe

Correct Answer: B

Explanation:

The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.

Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value.

QUESTION 93

You have a file server that has the File Server Resource Manager role service installed.

You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that all of the folders in Folder1 have a 100-MB quota limit.

What should you do?

A.

Run the Update FsrmQuotacmdlet.

B.

Run the Update-FsrmAutoQuotacmdlet.

C.

Create a new q

uota for Folder1.

D.

Modify the quota properties of Folder1.

Correct Answer: C

Explanation:

By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server Resource Manager automatically generates quotas that are based on that template. Quotas are generated for each of the existing subfolders and for subfolders that you create in the future.

http://technet.microsoft.com/en-us/library/cc731577.aspx

QUESTION 94

Your network contains an Active Directory forest named contoso.com.

The domain contains three servers. The servers are configured as shown in the following table.

You need to identify which server role must be deployed t

o the network to support the planned implementation.

Which role should you identify?

A.

Network Policy and Access Services

B.

Volume Activation Services

C.

Windows Deployment Services

D.

Active Directory Rights Management Services

Correct Answer: C

Explanation:

Windows Deployment Services (WDS) is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network- based installation. This means that you do not have to install each operating system directly from a CD, USB drive or DVD. To use Windows Deployment Services, you should have a working knowledge of common desktop deployment technologies and networking components, including Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Active Directory Domain Services (AD DS). It is also helpful to understand the Preboot execution Environment (also known as Pre-Execution Environment).

QUESTION 95

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.

Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.

You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

Correct Answer:

QUESTION 96

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.

You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.

You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort.

<
/font>

Which two audit policies should you configure in GPO1?

To answer, select the appropriate two objects in the answer area.

Correct Answer:

QUESTION 97

Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.

All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.

You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.

To which server should you deploy the feature?

A.

Server1

B.

Server2

C.

Server3

D.

Server4

E.

Server5

Correct Answer: E

Explanation:

The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Services role in Server Manager.

QUESTION 98

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

Server1 has a folder named Folder1 that is used by the human resources department.

You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1.

What should you configure on Server1?

A.

a storage report task

B.

a file screen exception

C.

a file screen

D.

a file group

tbody>

Correct Answer: C

Explanation:

Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files. With File Server Resource Manager (FSRM) you can create file screens that prevent users from saving unauthorized files on volumes or folders.

File Screen Enforcement:

You can create file screens to prevent users from saving unauthorized files on volumes or folders. There are two types of file screen enforcement: active and passive enforcement. Active file screen enforcement does not allow the user to save an unauthorized file. Passive file screen enforcement allows the user to save the file, but notifies the user that the file is not an authorized file. You can configure notifications, such as events logged to the event log or e-mails sent to users and administrators, as part of active and passive file screen enforcement.

You need to ensure that you can access the contents of the mounted snapshot.

What should you do?

A.

From the snapshot context of ntdsutil, run activate instance “NTDS”.

B.

From a command prompt, run dsamain.exe -dbpath

c:$snap_201204131056_volumec$windowsntdsntds. dit -Idapport 389.

C.

From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0-2f56d827a57d}.

D.

From a command prompt, run dsamain.exe -dbpath

c:$snap_201204131056_volumec$windowsntdsntds. dit -Idapport 33389.

Correct Answer: D

Explanation:

By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain sensitive AD DS data. If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you run Dsamain.exe. If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.

What should you do?

A.

From Active Directory Sites and Services, run the Delegation of Control Wizard.

B.

From a command prompt, run the dsadd computer command.

C.

From Active Directory Site and Services, configure the Security settings of the R0DC1 server object.

D.

From a command prompt, run the dsmgmt local roles command.

Correct Answer: D

Explanation:

RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.